lanyasheng

Tool Governance

by _silhouette · GitHub ↗ · v2.4.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 204 · Stars: 0 · Active Installs: 0 · Versions: 4
Install in OpenClaw: /install tool-governance
Description
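Tool-use safety and reliability. Use when tools fail repeatedly, when the agent bypasses permission denials, or when protection for destructive operations is needed. Not intended for agents that stop early (use execution-loop) or for context management (use context-memory). See also error-recovery (rate-limit recovery).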
Usage Guidance
What to check before installing:
- Required tools: the scripts call git, jq, realpath and use md5/md5sum/shasum. Install those or run the skill in an environment that has them.
- Files & persistence: the scripts write session state to HOME/.openclaw/shared-context/sessions (tool-errors.json, denials.json). SKILL.md mentions .claude/... but actual scripts use .openclaw — confirm where you want state stored and whether that location is acceptable.
- Git side effects: the checkpoint hook can run git add / git stash push / git stash apply; this modifies repo index and stash list and may change working tree state. Do not deploy this on a production repository without backups; test in a disposable repo first.
- No network exfiltration appears present, and no credentials are requested, but the skill does inspect assistant messages and tool payloads and persists them locally — consider privacy implications.
- If you want to limit blast radius: run hooks in a sandbox or CI/test repo, ensure NC_SESSION is set correctly, or avoid enabling autonomous invocation until you vet behavior.
- If you need the skill, consider editing scripts to simplify/limit git operations (e.g., avoid 'git add -A' or require explicit confirmation) and to declare required binaries in metadata so the runtime environment can be prepared.
Confidence note: medium — the code is readable and coherent for its purpose, but the undeclared dependencies, path mismatches, and git side effects are significant enough to warrant caution.
Capability Analysis
Type: OpenClaw Skill
Name: tool-governance
Version: 2.4.0
The bundle provides a set of safety guardrails for OpenClaw agents, including input validation to block dangerous commands (e.g., 'rm -rf /' or 'curl|sh' in tool-input-guard.sh), automatic backups via git stash before destructive operations (checkpoint-rollback.sh), and circuit breakers to prevent infinite retry loops or denial bypasses (tool-error-advisor.sh, denial-tracker.sh). The behavior is consistent with the stated goal of tool governance and lacks any indicators of malicious intent, data exfiltration, or unauthorized persistence.
Capability Assessment
Purpose & Capability
The SKILL.md and scripts implement tool-governance patterns (error escalation, denial tracking, checkpoint/rollback, input guard) which align with the skill name and description. However the package does not declare required binaries (git, jq, realpath, md5/md5sum/shasum) even though the scripts rely on them; that mismatch between declared requirements (none) and actual runtime dependencies is an incoherence.
Instruction Scope
Runtime instructions and provided scripts read assistant messages and tool call payloads from stdin, persist state to the filesystem (session state under HOME/.openclaw/shared-context/sessions), and (for destructive Bash commands) modify git state (git add/stash/git stash apply). SKILL.md references outputs like .claude/tool-errors.json but scripts write to HOME/.openclaw/... — a concrete mismatch. Hooks also perform deterministic actions (permissionDecision / deny) and can auto-roll back git state; these are within governance scope but have side effects that should be explicit.
Install Mechanism
This is instruction-only with bundled scripts and tests (no external install/download). No remote URLs or package installs are used, so install-time code download risk is low.
Credentials
The skill requests no declared credentials, but the scripts rely on environment variables (HOME and NC_SESSION/session_id) and create persistent files under the user's home directory. The filesystem and git modifications (creating stashes, adding files to index in some reference variants) are higher-privilege actions relative to a lightweight governance hook and were not explicitly called out in the metadata or requirements.
Persistence & Privilege
always:false and no autonomous-disable flag are fine. The skill writes persistent session state and checkpoint stashes and thus gains ongoing state in the user's HOME; this is expected for a governance/tracking tool but you should be aware it will persist and may alter git state if run in a repo.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tool-governance
  3. After installation, invoke the skill by name or use /tool-governance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.4.0
Add settings.json configs, hookSpecificOutput formats, manual workarounds, failure modes
v2.2.0
SKILL.md rewrite: expanded patterns with reference links, PreToolUse updatedInput docs
v2.1.0
CRC knowledge additions + SKILL.md structure optimization (Workflow/example/Output/Related) + new patterns (3.8 auto-compact breaker, 5.7 anti-stampede)
v2.0.0
v2.0.0: independent axis skill from execution-harness monorepo
Metadata
Slug tool-governance
Version 2.4.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Tool Governance?

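Tool-use safety and reliability. Use when tools fail repeatedly, when the agent bypasses permission denials, or when protection for destructive operations is needed. Not intended for agents that stop early (use execution-loop) or for context management (use context-memory). See also error-recovery (rate-limit recovery). It is an AI Agent Skill for Claude Code / OpenClaw, with 204 downloads so far.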

How do I install Tool Governance?

Run "/install tool-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tool Governance free?

Yes, Tool Governance is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Tool Governance support?

Tool Governance is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Tool Governance?

It is built and maintained by _silhouette (@lanyasheng); the current version is v2.4.0.
